U.S. patent application number 11/671706 was filed with the patent office on 2008-08-07 for system and method for setting application permissions.
Invention is credited to Michael K. Brown, Michael Kirkup, Tariq Tahir.
Application Number | 20080189793 11/671706 |
Document ID | / |
Family ID | 39677313 |
Filed Date | 2008-08-07 |
United States Patent
Application |
20080189793 |
Kind Code |
A1 |
Kirkup; Michael ; et
al. |
August 7, 2008 |
SYSTEM AND METHOD FOR SETTING APPLICATION PERMISSIONS
Abstract
There is disclosed a system and method for setting application
permissions. In an embodiment, the method comprises reviewing the
current application permissions settings on the device; comparing
the current application permissions settings to a set of required
application permissions settings for the software application;
listing the set of required application permissions; and providing
means to grant permission for all required application permissions
the user is authorized to grant. In another embodiment, only the
required application permissions requiring a grant of permission
and which the user is authorized to grant are listed. The user may
be provided with means to grant permission for all required
permissions the user is authorized to grant in a single
response.
Inventors: |
Kirkup; Michael; (Waterloo,
CA) ; Tahir; Tariq; (Waterloo, CA) ; Brown;
Michael K.; (Waterloo, CA) |
Correspondence
Address: |
FASKEN MARTINEAU DUMOULIN LLP
4200 TORONTO DOMINION BANK TOWER, BOX 20 TORONTO-DOMINION CENTRE
TORONTO
ON
M5K 1N6
omitted
|
Family ID: |
39677313 |
Appl. No.: |
11/671706 |
Filed: |
February 6, 2007 |
Current U.S.
Class: |
726/27 |
Current CPC
Class: |
G06F 21/604 20130101;
G06F 21/53 20130101; G06F 21/6218 20130101; H04L 63/102
20130101 |
Class at
Publication: |
726/27 |
International
Class: |
H04L 9/32 20060101
H04L009/32 |
Claims
1. A method of setting application permissions for a software
application on a device, comprising: reviewing the current
application permissions settings on the device; comparing the
current application permissions settings to a set of required
application permissions settings for the software application;
listing the set of required application permissions; and providing
means to grant permission for all required application permissions
the user is authorized to grant.
2. The method of claim 1, further comprising listing only the
required application permissions requiring a grant of
permission.
3. The method of claim 2, further comprising listing only the
required application permissions which the user is authorized to
grant.
4. The method of claim 1, further comprising providing means to
grant permission for all required permissions the user is
authorized to grant in a single response.
5. The method of claim 1, further comprising: identifying
applications permissions having administrative restrictions on
changing the settings; and indicating in the listing of the set of
applications permissions which have such administrative
restrictions.
6. The method of claim 5, further comprising: if any required
applications permissions have administrative restrictions, then
prompting the user to seek the system administrator's
permission.
7. A system for setting application permissions for a software
application on a device, comprising: means for reviewing the
current application permissions settings on the device; means for
comparing the current application permissions settings to a set of
required application permissions settings for the software
application; means for listing the set of required application
permissions; and means to grant permission for all required
application permissions the user is authorized to grant.
8. The system of claim 7, further comprising means for listing only
the required application permissions requiring a grant of
permission.
9. The system of claim 8, further comprising means for listing only
the required application permissions which the user is authorized
to grant.
10. The system of claim 7, further comprising means to grant
permission for all required permissions the user is authorized to
grant in a single response.
11. The system of claim 7, further comprising: means for
identifying applications permissions having administrative
restrictions on changing the settings; and means for indicating in
the listing of the set of applications permissions which have such
administrative restrictions.
12. The system of claim 11, further comprising: means for prompting
the user to seek the system administrator's permission if any
required applications permissions have administrative
restrictions.
13. A computer readable medium storing computer code that when
loaded into a device adapts the device to set applications
permissions for a software application on the device, the computer
readable medium comprising: code for reviewing the current
application permissions settings on the device; code for comparing
the current application permissions settings to a set of required
application permissions settings for the software application; code
for listing the set of required application permissions; and code
for providing means to grant permission for all required
application permissions the user is authorized to grant.
14. The computer readable medium of claim 13, further comprising
code for listing only the required application permissions
requiring a grant of permission.
15. The computer readable medium of claim 14, further comprising
code for listing only the required application permissions which
the user is authorized to grant.
16. The computer readable medium of claim 13, further comprising
code for providing means to grant permission for all required
permissions the user is authorized to grant in a single
response.
17. The computer readable medium of claim 13, further comprising:
code for identifying applications permissions having administrative
restrictions on changing the settings; and code for indicating in
the listing of the set of applications permissions which have such
administrative restrictions.
18. The computer readable medium of claim 17, further comprising:
code for prompting the user to seek the system administrator's
permission if any required applications permissions have
administrative restrictions.
Description
COPYRIGHT NOTICE
[0001] A portion of the disclosure of this patent document contains
material which is subject to copyright protection. The copyright
owner has no objection to the facsimile reproduction of the patent
document or the patent disclosure, as it appears in the Patent and
Trademark Office patent file or records, but otherwise reserves all
copyright rights whatsoever.
FIELD OF THE INVENTION
[0002] The present invention relates generally to systems and
methods for setting application permissions.
BACKGROUND
[0003] Handheld mobile communication devices are becoming more
versatile. In addition to an operating system (OS) and a basic set
of software applications, many handheld devices are now capable of
running a large number of third party software applications
including business productivity software, custom software
applications for specific industries, gaming software, and the
like. As the number of available software applications increases,
the process for setting up the software applications may also
become more complex.
[0004] Ideally, a process for setting up a new software application
on a handheld device may be fully automated. However, in practice,
there may be a need to prompt the user to grant certain permissions
(e.g. to change a setting or to provide access to user data). This
may especially be required where the software application setup may
require changes to device settings that may affect operation of
other software applications already installed and running on the
device, or that may incur a charge by activating a device feature.
In enterprise environments, in which a large number of the handheld
devices may be centrally maintained by an administrator, there may
also be enterprise security policies requiring administrative
control over certain device settings.
[0005] For users, numerous prompts to provide inputs or permissions
when setting up a new application may be confusing. If the user
cannot understand why a permission is required, the user may be
inclined to deny some or all of the requested permissions. These
denials of permission may have an unintended effect of causing the
setup and operation of the software application to fail, or
otherwise may limit the functionality of the software application
on the handheld device. Alternatively, the user may grant a blanket
permission to all requests without thinking, and may inadvertently
activate features, or change settings that the user did not intend
to change.
[0006] Thus, what is needed is a system and method for setting
application permissions that may address one or more of the
limitations as described above.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] In the figures which illustrate exemplary embodiments:
[0008] FIG. 1 is a schematic block diagram of various components
that may be found in a handheld mobile communication device;
[0009] FIG. 2 is an illustrative example of a handheld mobile
communication device that may provide an operating environment;
[0010] FIGS. 3A to 3D are illustrative screens for setting up
software applications on the handheld mobile communication device
of FIG. 2; and
[0011] FIG. 4 shows a flowchart of a method in accordance with an
embodiment.
DETAILED DESCRIPTION
[0012] As noted above, the present invention relates to a system
and method for setting application permissions.
[0013] In an illustrative embodiment, the invention may be
practiced with a handheld mobile communication device in a wireless
operating environment. Shown in FIG. 1 is a schematic block diagram
of an illustrative mobile communication device 100. The
communication device 100 may comprise a number of components,
including a main processor 102 which controls the overall operation
of communication device 100. Communication functions, including
data and voice communications, may be performed through a
communication subsystem 104. The communication subsystem 104 may
receive messages from and sends messages to a wireless network
200.
[0014] The main processor 102 may also interact with additional
subsystems such as a random access memory (RAM) 106, a flash memory
108, a display 110, an auxiliary input/output (I/O) subsystem 112,
a data port 114, a keyboard 116, a trackball 117, a speaker 118, a
microphone 120, short-range communications 122 and other device
subsystems 124 (such as a GPS subsystem).
[0015] Some of the subsystems of the communication device 100 may
perform communication-related functions, whereas other subsystems
may provide "resident" or on-device functions. By way of example,
the display 110 and the keyboard 116 may be used for both
communication-related functions, such as entering a text message
for transmission over the network 200, and device-resident
functions such as a calculator or task list. The trackball 117 may
be used for various navigation functions, such as navigating
through a graphical user interface (GUI) menu displayed on display
110. The trackball 117 may also be configured with a secondary
actuation feature, such as allowing a user to depress the
trackball, to allow selection of a highlighted item.
[0016] Operating system software used by the main processor 102 is
typically stored in a persistent store such as flash memory 108.
Those skilled in the art will appreciate that the operating system,
specific device applications, or parts thereof, may be temporarily
loaded into a volatile store such as the RAM 106.
[0017] The communication device 100 may send and receive
communication signals over the wireless network 200 after required
network registration or activation procedures have been completed.
Network access may be associated with a subscriber or user of the
communication device 100.
[0018] The communication device 100 may be a battery-powered device
and may include a battery interface 132 for receiving one or more
rechargeable batteries 130. In some embodiments, the battery 130
may be a smart battery with an embedded microprocessor. The battery
interface 132 is coupled to a regulator (not shown), which assists
the battery 130 in providing power V+ to the communication device
100.
[0019] The main processor 102, in addition to its operating system
functions, enables execution of software applications 134 on the
communication device 100. The subset of software applications 134
that control basic device operations, including data and voice
communication applications, will normally be installed on the
communication device 100 during its manufacture.
[0020] The software applications 134 may include a messaging
application 136. The messaging application 136 can be any suitable
software program that allows a subscriber or user of the
communication device 100 to send and receive wireless text
communications. Various alternatives exist for the messaging
application 136 as is well known to those skilled in the art.
Messages that have been sent or received by the user are typically
stored in local storage such as flash memory 108 of the
communication device 100, or in some other suitable storage element
in the communication device 100. In an alternative embodiment, some
of the sent and received messages may be stored remotely from the
device 100 such as in a data store of an associated host system
that the communication device 100 communicates with.
[0021] Another program that may be executed by the communication
device 100 is a password approval module 138 that may provide
approval for user passwords. The password approval module 138 may
execute a password approval method to determine whether the user
password specified by the user of the communication device 100 is
approved.
[0022] The communication device 100 may further include a device
state module 140, an address book 142, a Personal Information
Manager (PIM) 144, and various other modules 146. Additional
software applications may also be loaded onto the communication
device 100 through at least one of the wireless network 200, the
auxiliary I/O subsystem 112, the data port 114, the short-range
communications subsystem 122, or other device subsystem 124.
[0023] The communication device 100 may also include an application
permissions module 148 for handling various application permissions
for the various software applications 136, 138, 140, 142, 144, 146
running on device 100. Application permissions module 148 may be
configured to control various application permissions that each
software application may access. For example, application
permissions module 148 may control access to address book 142
functions for certain third party software applications, due to
privacy or security concerns. For each software application,
application permissions module 148 may identify (e.g. receive from
each software application) a set of application permissions
required for that software application. A more detailed description
of application permissions module 148 will follow further
below.
[0024] Now referring to FIG. 2, shown is an illustrative front view
of a handheld mobile communication device 100 that may provide a
suitable operating environment. As shown, the device 100 may
include a display 110, a keyboard 116, and other input or
navigation means such as a trackball 117. The display 110 may be
configured to display various screens allowing the user of device
100 to view screen outputs from application permissions module 148,
and to provide an input in response to a prompt or query displayed
on display 110.
[0025] In an embodiment, application permissions module 148 may be
configured to identify requirements for application permissions for
setting up a new software application on device 100, as determined
by an application developer. Suppose, for example, that the
software application being setup needs to access system resources
that are currently denied by the application permissions settings.
Rather then risk having the software application fail to operate
properly, it is proposed that the user be given the option of
granting permission to access all required permissions at the time
of setup (e.g. during installation or initial operation of the
software application), as determined by the application developer.
If the user wishes to grant the permissions at the time of setup,
and the user is authorized to do so, then the likelihood of proper
operation of the software application may be significantly
improved.
[0026] Now referring to FIGS. 3A to 3D, shown are illustrative
screens that may be displayed by application permissions module 148
on display 110 for setting application permissions for an
illustrative "XYZ" software application to be run on device 100 of
FIG. 1 and FIG. 2.
[0027] By way of illustration, FIG. 3A shows illustrative screen
300A entitled XYZ SOFTWARE APPLICATION PERMISSIONS SCREEN 1, and
provides at 302 an explanation to the user of device 100 that
permissions are required to run the software, as follows: "FOR THE
XYZ SOFTWARE APPLICATION TO OPERATE NORMALLY, IT MAY REQUIRE
CERTAIN APPLICATION PERMISSIONS".
[0028] Illustrative screen 300A may then explain to the user at 304
that, during setup, the current application permission settings of
device 100 will be reviewed and compared against the list of
application permissions required (e.g. as determined by the
application developer and stored in application permissions module
148). This may include reviewing and identifying any administrative
restrictions on updating or changing the application permissions
settings as may be specified by a system administrator.
[0029] An illustrative example of application permissions and their
default settings on device 100 is provided in Table A, below.
TABLE-US-00001 TABLE A Application Default Permissions Description
setting Internal Domains Specify the internal domain names to which
the application Null value can establish a connection. (not set)
External Domains Specify the external domain names to which the
application Null value can establish a connection. (not set)
Browser Filter Specify the domains for which the application can
apply Null value Domains browser filters to web page content on the
Device. For (not set) example, you can specify google.com and
yahoo.com as domains for which you allow an application to use a
search engine browser filter on the Device. Interprocess Specify
whether or not the application can perform Allowed Communication
interprocess communication operations. You can use this application
control policy rule to prevent two or more applications from
sharing data and to prevent one application from using the
connection permissions of another application. Internal Network
Specify whether or not the application can make internal Prompt
Connections corporate network connections. You can use this
application User control policy rule to allow or prevent the
application from sending or receiving any data on the Device using
an internal protocol (for example, using the connection service) or
to require that the user respond to a prompt on the Device to allow
internal connections through the Device firewall. External Network
Specify whether or not the application can make external Prompt
Connections network connections. You can use this application
control User policy rule to allow or prevent the application from
sending or receiving any data on the Device using an external
protocol (for example, using a WAP gateway, public MDS Services, or
TCP), or to require that the user respond to a prompt on their
Device to allow external connections through the Device firewall.
Local Connections Specify whether or not the application can make
local Allowed network connections (for example, connections to the
Device using a USB or serial port). Phone Access Specify whether or
not the application can make phone calls Prompt and access phone
logs on the Device. You can use this User application control
policy rule to allow or prevent the application from making any
calls on the Device or to require that the user respond to a prompt
on the Device to allow the application to make a phone call.
Message Access Specify whether or not the application can send and
receive Allowed messages on the Device using the email API. PIM
Data Access Specify whether or not the application can access the
Allowed Device PIM APIs, which control access to the user's
personal information on the Device, including the address book.
Note: Allowing the application to access PIM data APIs and use
internal and external network connection protocols creates an
opportunity for an application to send all of the user's personal
data from their Device. Browser Filters Specify whether or not the
application can access browser Not filter APIs to register a
browser filter with the browser on the Permitted Device. You can
use this application control policy rule to allow third-party
applications to apply custom browser filter to web page content on
the Device. Event Injection Specify whether or not the application
can inject synthetic Not input events, such as pressing keys and
performing Permitted trackwheel actions, on the Device. Bluetooth
Serial Specify whether or not the application can access the
Allowed Profile Bluetooth .RTM. Serial Port Profile (SPP) API.
Note: If you set the Disable Serial Port Profile IT policy rule to
True, the Bluetooth enabled Device cannot use the Bluetooth SPP to
establish a serial connection to a Bluetooth enabled device. Device
Keystore Specify whether or not the application can access the
Allowed Device key store APIs. If you set the Minimal Signing Key
Store Security Level and the Minimal Encryption Key Store Security
Level IT policy rules to high, the Device prompts the user for the
Device key store password each time an application tries to access
the user's private key on the Device, and the Device does not use
this application policy control rule. Device Keystore Specify
whether or not the application can access key store Allowed Medium
Security items at the medium security level (the default level),
which requires that the Device prompt the user for the Device key
store password when an application tries to access the user's
private key for the first time or when the private key password
timeout expires. If you set the Minimal Signing Key Store Security
Level and the Minimal Encryption Key Store Security Level IT policy
rules to high, the Device prompts the user for the Device key store
password each time an application tries to access their private
key, and this application policy control rule is not recognized.
Device GPS Specify whether or not the application can access the
Prompt Device Global Positioning System (GPS) APIs. You can use
User this application control policy rule to allow or prevent the
application from accessing the GPS APIs on the Device or to require
that the user respond to a prompt on the Device to allow access to
the GPS APIs. Theme Data Specify whether or not the Device can use
the custom Allowed theme applications, which developers can create
using the Plazmic CDK, as themes if they exist on the Device. User
Authenticator Specify whether or not the Device allows an
application to Allowed API access the user authenticator framework
API. The user authenticator framework allows the registration of
drivers (currently smart card drivers only) that provide two-factor
authentication to unlock the Device. This application control
policy rule applies to the Device Software and third-party Java
applications.
[0030] Still referring to FIG. 3A, illustrative screen 300A may
further explain to the user at 306 that, if further application
permissions are required, they will be listed. Illustrative screen
300A may then ask the user at 308 whether or not to continue.
[0031] Referring now to screen 300B of FIG. 3B, if the user has
chosen to continue with the setup, application permissions module
148 may review the current application permissions settings, and
identify any administrative restrictions on updating or changing
the application permissions settings as may be specified by a
system administrator.
[0032] As shown in screen 300C of FIG. 3C, upon reviewing the
current application permissions settings, and any administrative
restrictions, application permissions module 148 may be configured
to identify and provide the user of device 100 with a list 314 of
all permissions required for proper operation of the XYZ software
application. If the application permissions module 148 has detected
that certain application permissions settings are already granted,
then further permission is not required. In this case, the
permissions already granted may be indicated.
[0033] Still referring to FIG. 3C, as an illustrative example, XYZ
software application may require three application permissions
314a, namely: 1) External Domains; 2) Message Access; and 3)
Bluetooth.RTM. Serial Profile capabilities. By listing all of the
required permissions, as illustrated in list 314, the user is
notified of the permissions that will be required for proper
operation of the XYZ software application. As shown in FIG. 3C, the
user may also be shown which of the required application
permissions have already been granted (e.g. using a permission
grant status column 314b). In this illustrative example, none of
the required permissions are shown to be already granted. A second
restriction status column 314b may also indicate whether there are
any administrative restrictions on changing the application
permission setting. In this illustrative example, the Message
Access application permission is shown as having an administrative
restriction. The user may then be prompted at 315 to continue.
[0034] Should the user continue, application permissions module 148
may then proceed to display a screen 300D as shown in FIG. 3D. At
this point, the application permissions module 148 can be
configured to prompt the user with a listing of the required
applications permissions and indicate for which applications
permissions the user's grant is still required (e.g. as shown at
316).
[0035] In another embodiment, rather than listing all of the
applications permissions required for the software application,
only the applications permissions requiring the grant of a
permission may be listed in screen 300D. For example, if the
External Domains applications permission had already been granted,
this applications permissions would not be listed in screen
300D.
[0036] In yet another embodiment, the applications permissions for
which the user is authorized to grant permission may be separated
from applications permissions that may have administrative
restrictions on change.
[0037] In the illustrative embodiment shown in FIG. 3D, application
permissions module 148 may ask the user the following: "WOULD YOU
LIKE TO GRANT THE FOLLOWING PERMISSIONS REQUIRED FOR FULL OPERATION
OF THE XYZ SOFTWARE APPLICATION?" In response, the user may grant
permission, for example, by toggling back and forth between "Yes"
and "No", for each permission listed. For example, the user could
decide that access to External Domains and Bluetooth access should
be allowed because the user wants to be able to use the application
in a multi-user environment.
[0038] Alternatively, as shown at 317, the user may also be given
an option to grant all required permissions using a single
response. As will be appreciated, listing all of the required
permissions into a list 316, and then providing the user with an
opportunity to grant all required permissions with a response 317,
may significantly reduce the number of user prompts necessary
during the setup procedure.
[0039] In another embodiment, instead of "Yes" or "No" responses,
the user may have the opportunity to increase or decrease access to
the requested permissions using a discrete or continuous range
(e.g. low, medium and high; a numeric setting between 1 and 10,
etc.). Also, the user may seek more information on what each
permission, if granted, will allow by providing a Help
function.
[0040] Still referring to FIG. 3D, while a user may have
authorization to grant certain permissions, some of the permissions
sought may involve permissions which a system administrator may
wish to strictly control for all mobile communication devices 100
within an enterprise. For example, as shown at 318, access to the
messaging application 136 may be a permission which a system
administrator may wish to control for each device 100, due to
security or a privacy policy relating to messages. Thus, as shown
at 319, for those application permissions requiring authorization
from the system administrator, the application permissions module
148 may be configured to prompt the user to seek the required
permission from the designated system administrator, prior to
proceeding with the software application setup.
[0041] Upon receiving the set of new permissions granted by the
user and the administrator, application permissions module 148 may
be configured to review the list, and to modify or disable certain
options, actions and other aspects of the software application to
compensate should certain required permissions not be granted. This
may be accompanied by a warning dialog or message to the user
indicating that the software application may not fully function
without all of the requested application permissions. For example,
if the Message Access application permission is not granted by the
administrator based on the user request, the user may not be able
to invite someone from the address book to play a game application
with the user.
[0042] In an alternative environment, if all of the requested
permissions are not granted, the application permissions module 148
may be configured such that, at a later time, the request for
application permissions (as illustrated in FIGS. 3A to 3D) may be
repeated. This request for application permissions may either be
periodic, or may be user initiated if for example the user is
finding the reduced functionality of a software application to be
too restrictive and wants to now grant all requested application
permissions.
[0043] Now referring to FIG. 4, shown is a flowchart of an
illustrative method corresponding to the system described above. As
shown, method 400 begins, and at block 402, and opens the software
application permissions module 148. Next, at block 404, method 400
review the current application settings for device 100. Method 400
then proceeds to decision block 406, where method 400 compares the
current application permissions settings to a list of required
application permissions settings for a new software application.
Method 400 then proceeds to block 408, where method 400 may
identify the application permissions which are restricted by the
system administrator, and which require permission from the system
administrator to change. Method 400 then proceeds to block 410,
where method 400 lists the application permissions required for
full software application functionality.
[0044] At block 412, method 400 may provide means to seek user
permission for all permissions that the user is authorized to grant
(e.g. as illustrated above with reference to FIG. 3D). Method 400
then proceeds to block 414, where method 400 prompts the user to
seek the system administrator's permission as may be required (e.g.
Message Access). If there is no such privilege requiring the system
administrator's permission, then this step 414 may be skipped.
[0045] Next, method 400 may proceed to block 416, where method 400
may continue with the software application setup process.
[0046] Thus, in an aspect of the invention, there is provided a
method of setting application permissions for a software
application on a device, comprising: reviewing the current
application permissions settings on the device; comparing the
current application permissions settings to a set of required
application permissions settings for the software application;
listing the set of required application permissions; and providing
means to grant permission for all required application permissions
the user is authorized to grant.
[0047] In an embodiment, the method further comprises listing only
the required application permissions requiring a grant of
permission.
[0048] In another embodiment, the method further comprises listing
only the required application permissions which the user is
authorized to grant.
[0049] In another embodiment, the method further comprises
providing means to grant permission for all required permissions
the user is authorized to grant in a single response.
[0050] In another embodiment, the method further comprises
identifying applications permissions having administrative
restrictions on changing the settings; and indicating in the
listing of the set of applications permissions which have such
administrative restrictions.
[0051] In another embodiment, the method further comprises
prompting the user to seek the system administrator's permission if
any required applications permissions have administrative
restrictions.
[0052] In another aspect, there is provided a system for setting
application permissions for a software application on a device,
comprising: means for reviewing the current application permissions
settings on the device; means for comparing the current application
permissions settings to a set of required application permissions
settings for the software application; means for listing the set of
required application permissions; and means to grant permission for
all required application permissions the user is authorized to
grant.
[0053] In an embodiment, the system further comprises means for
listing only the required application permissions requiring a grant
of permission.
[0054] In another embodiment, the system further comprises means
for listing only the required application permissions which the
user is authorized to grant.
[0055] In another embodiment, the system further comprises means to
grant permission for all required permissions the user is
authorized to grant in a single response.
[0056] In another embodiment, the system further comprises means
for identifying applications permissions having administrative
restrictions on changing the settings; and means for indicating in
the listing of the set of applications permissions which have such
administrative restrictions.
[0057] In another embodiment, the system further comprises means
for prompting the user to seek the system administrator's
permission if any required applications permissions have
administrative restrictions.
[0058] In another aspect, there is provided a computer readable
medium storing computer code that when loaded into a device adapts
the device to set applications permissions for a software
application on the device, the computer readable medium comprising:
code for reviewing the current application permissions settings on
the device; code for comparing the current application permissions
settings to a set of required application permissions settings for
the software application; code for listing the set of required
application permissions; and code for providing means to grant
permission for all required application permissions the user is
authorized to grant.
[0059] In an embodiment, the computer readable medium further
comprises code for listing only the required application
permissions requiring a grant of permission.
[0060] In an embodiment, the computer readable medium further
comprises code for listing only the required application
permissions which the user is authorized to grant.
[0061] In an embodiment, the computer readable medium further
comprises code for providing means to grant permission for all
required permissions the user is authorized to grant in a single
response.
[0062] In an embodiment, the computer readable medium further
comprises code for identifying applications permissions having
administrative restrictions on changing the settings; and code for
indicating in the listing of the set of applications permissions
which have such administrative restrictions.
[0063] In an embodiment, the computer readable medium further
comprises code for prompting the user to seek the system
administrator's permission if any required applications permissions
have administrative restrictions.
[0064] While illustrative embodiments have been described above, it
will be appreciated that various changes and modifications may be
made. More generally, the scope of the invention is defined by the
following claims.
* * * * *